Alias request: Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode and Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode

eehret commented 7 months ago

Scenario

Because of existing issues in the current Update Manager built-in policies that do not set patchMode correctly on virtual machines when the setting gets modified (currently a limitation of built-in policy /providers/Microsoft.Authorization/policyDefinitions/ba0df93e-e4ac-479a-aac2-134bbae39a1a), I am trying to supplement the built-in policies with a custom one that modifies patchMode to the desired setting (which in our case is AutomaticByPlatform whenever it is detected to be incorrect.

Unfortunately it appears that right now the aliases we need is not modifiable by policy. The aliases are:

Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode (NOTE: SEE UPDATE BELOW. I discovered the Windows one is actually fine. Only the Linux one is not modifiable)
Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode

The following command shows that the alias does exist , so I guess it's read only and not modifiable:

az provider show --namespace Microsoft.Compute --expand "resourceTypes/aliases" --query "resourceTypes[].aliases[].name" | grep patchMode

Proposed Definition

This is basically a clone of the built-in policy /providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15, but for setting patchMode instead of assessmentMode

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "anyOf": [
            {
              "value": "[empty(parameters('locations'))]",
              "equals": true
            },
            {
              "field": "location",
              "in": "[parameters('locations')]"
            }
          ]
        },
        {
          "field": "[if(equals(tolower(parameters('osType')), 'windows'), 'Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode', 'Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode')]",
          "notEquals": "[parameters('patchMode')]"
        },
        {
          "anyOf": [
            {
              "value": "[empty(parameters('tagValues'))]",
              "equals": true
            },
            {
              "allOf": [
                {
                  "value": "[parameters('tagOperator')]",
                  "equals": "Any"
                },
                {
                  "value": "[greaterOrEquals(if(empty(field('tags')), 0, length(intersection(parameters('tagValues'), field('tags')))), 1)]",
                  "equals": true
                }
              ]
            },
            {
              "allOf": [
                {
                  "value": "[parameters('tagOperator')]",
                  "equals": "All"
                },
                {
                  "value": "[equals(if(empty(field('tags')), 0, length(intersection(parameters('tagValues'), field('tags')))), length(parameters('tagValues')))]",
                  "equals": true
                }
              ]
            }
          ]
        },
        {
          "anyOf": [
            {
              "allOf": [
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
                      "exists": "true"
                    },
                    {
                      "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                      "like": "Linux*"
                    }
                  ]
                },
                {
                  "value": "[parameters('osType')]",
                  "equals": "Linux"
                },
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "Canonical"
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftcblmariner"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "cbl-mariner"
                        },
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "in": [
                            "cbl-mariner-1",
                            "1-gen2",
                            "cbl-mariner-2",
                            "cbl-mariner-2-gen2"
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "oracle"
                        },
                        {
                          "anyOf": [
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "oracle-linux"
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "in": [
                                        "8",
                                        "8-ci",
                                        "81",
                                        "81-ci",
                                        "81-gen2"
                                      ]
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "ol7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "ol8*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "ol9*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "ol9-lvm*"
                                    }
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "oracle-database"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "oracle_db_21"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "like": "oracle-database-*"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "like": "18.*"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "oracle-database-19-3"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "oracle-database-19-0904"
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoft-aks"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "aks"
                        },
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "equals": "aks-engine-ubuntu-1804-202112"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoft-dsvm"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "aml-workstation"
                        },
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "in": [
                            "ubuntu-20",
                            "ubuntu-20-gen2"
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "Redhat"
                        },
                        {
                          "anyOf": [
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "RHEL"
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "8*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "9*"
                                    }
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "notEquals": "74-gen2"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "RHEL-RAW"
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "8*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "9*"
                                    }
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "rhel-sap-ha"
                                  ]
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "equals": "90sapha-gen2"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "8*"
                                    }
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "notEquals": "7.5"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "rhel-sap-apps"
                                  ]
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "equals": "90sapha-gen2"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "8*"
                                    }
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "like": "rhel-sap-*"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "9_0"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "rhel-ha"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "like": "8*"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "notIn": [
                                    "7.4",
                                    "7.5",
                                    "7.6",
                                    "8.1",
                                    "81_gen2"
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "rhel-sap"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "notIn": [
                                    "7.4",
                                    "7.5",
                                    "7.7"
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "like": "7*"
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "OpenLogic"
                        },
                        {
                          "allOf": [
                            {
                              "anyOf": [
                                {
                                  "allOf": [
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "equals": "Centos"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "like": "7*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "notLike": "8*"
                                    }
                                  ]
                                },
                                {
                                  "allOf": [
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "equals": "centos-lvm"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "in": [
                                        "7-lvm",
                                        "8-lvm",
                                        "7-lvm-gen2"
                                      ]
                                    }
                                  ]
                                },
                                {
                                  "allOf": [
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "equals": "centos-ci"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageSKU",
                                      "equals": "7-ci"
                                    }
                                  ]
                                }
                              ]
                            },
                            {
                              "field": "Microsoft.Compute/imageOffer",
                              "notEquals": "centos-hpc"
                            }
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "SUSE"
                        },
                        {
                          "anyOf": [
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "sles-12-sp5",
                                    "sles-15-sp2",
                                    "sle-hpc-15-sp4",
                                    "sles-15-sp1-sapcal",
                                    "sles-15-sp3-sapcal",
                                    "sles-15-sp4-basic",
                                    "sles-15-sp4"
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "in": [
                                    "gen1",
                                    "gen2"
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "sles",
                                    "sles-standard"
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "12-sp4-gen2"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "sles-15-sp2-basic",
                                    "sles-15-sp2-hpc"
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "gen2"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "sles-15-sp4-sapcal"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "gen1"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "in": [
                                    "sles-byos",
                                    "sles-sap"
                                  ]
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "in": [
                                    "12-sp4",
                                    "12-sp4-gen2"
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "sles-sap-byos"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "in": [
                                    "12-sp4",
                                    "12-sp4-gen2",
                                    "gen2-12-sp4"
                                  ]
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "sles-sapcal"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "12-sp3"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "like": "gen*"
                                },
                                {
                                  "anyOf": [
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "like": "opensuse-leap-15-*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "like": "sles-12-sp5-*"
                                    },
                                    {
                                      "field": "Microsoft.Compute/imageOffer",
                                      "like": "sles-sap-12-sp5*"
                                    },
                                    {
                                      "allOf": [
                                        {
                                          "field": "Microsoft.Compute/imageOffer",
                                          "like": "sles-sap-15-*"
                                        },
                                        {
                                          "field": "Microsoft.Compute/imageOffer",
                                          "notLike": "sles-sap-15-*-byos"
                                        }
                                      ]
                                    }
                                  ]
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "MicrosoftSQLServer"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "notLike": "sql2019-sles*"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "notIn": [
                            "sql2019-rhel7",
                            "sql2017-rhel7"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            },
            {
              "allOf": [
                {
                  "anyOf": [
                    {
                      "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration",
                      "exists": "true"
                    },
                    {
                      "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                      "like": "Windows*"
                    }
                  ]
                },
                {
                  "value": "[parameters('osType')]",
                  "equals": "Windows"
                },
                {
                  "anyOf": [
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "MicrosoftWindowsServer"
                        },
                        {
                          "anyOf": [
                            {
                              "field": "Microsoft.Compute/imageOffer",
                              "in": [
                                "windowsserver",
                                "windows-cvm",
                                "windowsserverdotnet",
                                "windowsserver-gen2preview",
                                "windowsserversemiannual",
                                "windowsserverupgrade"
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "microsoftserveroperatingsystems-previews"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "windows-server-vnext-azure-edition-core"
                                }
                              ]
                            },
                            {
                              "allOf": [
                                {
                                  "field": "Microsoft.Compute/imageOffer",
                                  "equals": "windowsserverhotpatch-previews"
                                },
                                {
                                  "field": "Microsoft.Compute/imageSKU",
                                  "equals": "windows-server-2022-azure-edition-hotpatch"
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "MicrosoftSQLServer"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftdynamicsax"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "dynamics"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftazuresiterecovery"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "process-server"
                        },
                        {
                          "field": "Microsoft.Compute/imageSKU",
                          "equals": "windows-2012-r2-datacenter"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftbiztalkserver"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "biztalk-server"
                        }
                      ]
                    },
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoftpowerbi"
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftsharepoint"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "microsoftsharepointserver"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftwindowsserverhpcpack"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "equals": "windowsserverhpcpack"
                        }
                      ]
                    },
                    {
                      "allOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "equals": "microsoftvisualstudio"
                        },
                        {
                          "field": "Microsoft.Compute/imageOffer",
                          "like": "visualstudio*"
                        },
                        {
                          "anyOf": [
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "like": "*-ws2012r2"
                            },
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "like": "*-ws2016"
                            },
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "like": "*-ws2019"
                            },
                            {
                              "field": "Microsoft.Compute/imageSKU",
                              "like": "*-ws2022"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                },
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "notEquals": "microsoft-ads"
                }
              ]
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
        ],
        "conflictEffect": "audit",
        "operations": [
          {
            "condition": "[equals(tolower(parameters('osType')), 'windows')]",
            "operation": "addOrReplace",
            "field": "Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode",
            "value": "[parameters('patchMode')]"
          },
          {
            "condition": "[equals(tolower(parameters('osType')), 'linux')]",
            "operation": "addOrReplace",
            "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode",
            "value": "[parameters('patchMode')]"
          }
        ]
      }
    }
  },
  "parameters": {
    "patchMode": {
      "type": "String",
      "metadata": {
        "displayName": "Patch mode",
        "description": "Patch mode for the machines."
      },
      "allowedValues": [
        "ImageDefault",
        "AutomaticByPlatform"
      ],
      "defaultValue": "AutomaticByPlatform"
    },
    "osType": {
      "type": "String",
      "metadata": {
        "displayName": "OS type",
        "description": "OS type for the machines."
      },
      "allowedValues": [
        "Windows",
        "Linux"
      ],
      "defaultValue": "Windows"
    },
    "locations": {
      "type": "Array",
      "metadata": {
        "displayName": "Machines locations",
        "description": "The list of locations from which machines need to be targeted.",
        "strongType": "location"
      },
      "defaultValue": []
    },
    "tagValues": {
      "type": "Object",
      "metadata": {
        "displayName": "Tags on machines",
        "description": "The list of tags that need to matched for getting target machines."
      },
      "defaultValue": {}
    },
    "tagOperator": {
      "type": "String",
      "metadata": {
        "displayName": "Tag operator",
        "description": "Matching condition for resource tags"
      },
      "allowedValues": [
        "All",
        "Any"
      ],
      "defaultValue": "Any"
    }
  }
}

eehret commented 7 months ago

UPDATE: After interrogating the metadata a bit more I've discovered that apparently the Windows one is marked as modifiable in the metadata, whereas the Linux one is not:

Windows:

PS > Get-AzPolicyAlias -NamespaceMatch 'compute' | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.Name -eq 'Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode' }                
Name            : Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode
Paths           : {Microsoft.Azure.Management.ResourceManager.Models.AliasPath}
Type            : 
DefaultPath     : properties.osProfile.windowsConfiguration.patchSettings.patchMode
DefaultPattern  : 
DefaultMetadata : Microsoft.Azure.Management.ResourceManager.Models.AliasPathMetadata

PS /home/eric> $alias= Get-AzPolicyAlias -NamespaceMatch 'compute' | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.Name -eq 'Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode' }       PS /home/eric> $alias.DefaultMetadata                                                                                                                                                                                                 

Type   Attributes
----   ----------
String Modifiable

Linux:

PS > Get-AzPolicyAlias -NamespaceMatch 'compute' | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.Name -eq 'Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode' }

Name            : Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode
Paths           : 
Type            : 
DefaultPath     : properties.osProfile.linuxConfiguration.patchSettings.patchMode
DefaultPattern  : 
DefaultMetadata :

Note the blank DefaultMetadata structure in the Linux alias.

If I am misinterpreting anything here, I apologize. I'm certainly not an expert in this area. Just hoping this helps someone fix this quickly, or perhaps reveal a workaround that I haven't yet thought of :)

BartDecker commented 7 months ago

You're not misinterpreting things. I tested this with windows and it works. With Linux not.

I also tried: https://learn.microsoft.com/en-us/answers/questions/1520341/custom-azure-policy-to-enable-automatic-vm-guest-p?page=1&orderby=Helpful&comment=answer-1444586#newest-answer-comment

as a workaround but in this case all policies just evaluate as compliant. So there seems to be a problem there as well

Looks like same problem exists for: bypassPlatformSafetyChecksOnUserSchedule & enableHotpatching

eehret commented 5 months ago

Looks like someone took notice of this issue and fixed it, although this issue remained open.

Here's what I am seeing now for the same command I issued above before that was showing the broken/missing alias.

PS /home/eric> Get-AzPolicyAlias -NamespaceMatch 'compute' | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.Name -eq 'Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode' }
Name            : Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode
Paths           : {Microsoft.Azure.Management.ResourceManager.Models.AliasPath}
Type            : 
DefaultPath     : properties.osProfile.linuxConfiguration.patchSettings.patchMode
DefaultPattern  : 
DefaultMetadata : Microsoft.Azure.Management.ResourceManager.Models.AliasPathMetadata

Closing myself, since this is no longer an issue and I should be able to create the policy I needed to create now due to the fix.

Azure / azure-policy

Alias request: Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.patchMode and Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration.patchSettings.patchMode #1277

Scenario

Proposed Definition